Global Management Services, Inc.

Data Processing Agreement

 

The Client and Global Management Services, Inc. (hereinafter “GMS”) (together, the "Parties") have entered into an agreement for the provision of travel and/or event management services by GMS to the Client and, where applicable, to the Client’s Affiliates ("GMS Services Agreement").

In performance of its obligations under the GMS Services Agreement, GMS processes Personal Data on behalf of the Client as set forth herein and in the GMS Services Agreement ("Contract Data Processing").  The Parties agree that, in relation to the Contract Data Processing, GMS is the Processor and the Client is the Controller.

This Data Processing Addendum ("DPA") forms part of the GMS Services Agreement and specifies the rights and obligations of the Parties in connection with the Contract Data Processing. This DPA shall not replace any comparable or additional rights relating to processing of Personal Data contained in any GMS Services Agreement (including any existing data processing agreement that may have been agreed between the Client and GMS).

By agreeing to the GMS Services Agreement, the Client enters into this DPA on its own behalf and, to the extent required under applicable data protection laws, on behalf of its Affiliates, if and to the extent GMS processes Personal Data for which such Affiliates qualify as Data Controller.

In consideration of the Parties’ mutual rights and obligations set out in the GMS Services Agreement and this DPA, the Parties agree as follows:

1. DEFINITIONS

Capitalized terms used herein shall have the meaning assigned to them in the GMS Services Agreement or in Section 15 (List of Definitions) below.  Unless otherwise defined herein, the definitions of the EU General Data Protection Regulation 2016/679 ("GDPR"), in particular the terms "Controller", "Data Subject", "Member State", "Personal Data", "Personal Data Breach", "Processor", "Processing" and "Supervisory Authority" shall apply.

2. SUBJECT MATTER OF DPA

2.1 GMS shall process Client Personal Data for the purpose of providing the services described in the GMS Services Agreement ("Contract Services") and any additional services under this DPA ("Processing Services") to the Client ("Admissible Purpose").  The Parties agree and acknowledge that the Client will be qualified as Controller and GMS will be qualified as Processor when processing Client Personal Data hereunder.

2.2 Annex 2.2 sets forth details of

(a) purposes of Processing;

(b) duration of Processing

(c) categories of Client Personal Data;

(d) categories of Data Subjects concerned by the Processing.

2.3 When processing any Client Personal Data outside of the territory of the European Union or the EEA or engaging in any act or practice regarding Client Personal Data where that act or practice is subject to data protection laws in jurisdictions outside the territory of the European Union or EEA, GMS shall comply with those applicable data protection laws, and in particular will provide appropriate safeguards to ensure an adequate level of data protection in accordance with Art. 44 et seq GDPR.

2.4 GMS shall process Client Personal Data only on behalf of the Client and in strict accordance with the Client's written instructions, including transfers of Personal Data to a Third Country or an international organization, unless required to do so by Union or Member State laws to which GMS is subject.  In such a case, GMS shall inform the Client of that legal requirement before such Processing, unless that law prohibits such information on important grounds of public interest.  For the avoidance of doubt, whenever this DPA or the GMS Services Agreement include provisions relating to the Processing of Client Personal Data (e.g. an obligation to anonymize certain Client Personal Data) such Processing shall be considered an instruction of the Controller pursuant to this DPA.

2.5 The Processing shall, at all times be conducted in a professional manner and in compliance with the principles of proper data processing, the provisions of the GMS Services Agreement, this DPA and applicable law. 

3. REQUIRED TECHNICAL AND ORGANIZATIONAL MEASURES

3.1 GMS shall take all reasonable efforts to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services as well as the ability to restore the availability and access to Client Personal Data in a prompt manner in the event of a physical or technical incident as appropriate for the Processing of Client Personal Data hereunder and as required under applicable law.  Having regard to the state of technological development, the cost of implementing such measures and the nature, scope and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, GMS shall implement appropriate technical and organizational measures in order to:

(a) prevent (i) unauthorized or unlawful processing of the Client Personal Data; and (ii) the accidental loss or destruction of, or damage to, the Client Personal Data; and

(b) ensure a level of security appropriate to (i) the harm that might result from such unauthorized or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the Client Personal Data to be protected, including, as appropriate, the measures referred to in Article 32 GDPR ("Data Security Standards").

3.2 Without prejudice to the generality of the foregoing, the Data Security Standards that GMS shall implement and maintain are defined in Annex 3.2.

3.3 Acknowledging that the Data Security Standards are subject to technical progress and development, the Parties agree that GMS shall be authorized to implement adequate alternative technical and organizational measures provided, however, that such measures shall not materially fall short of the level of security provided by the Data Security Standards and shall comply with the requirements under applicable laws.

4. DATA SUBJECT RIGHTS

4.1 GMS shall correct, delete, block or otherwise process Client Personal Data and shall take any other measures in relation to requests from Data Subjects in relation to their rights under applicable laws ("Data Subject Requests") only in accordance with and subject to the written instructions of the Client.  GMS shall promptly provide any required information and use best efforts to assist the Client in dealing with any Data Subject Requests.

4.2 The Client shall be solely responsible for dealing with Data Subject Requests.  GMS shall promptly notify the Client of any Data Subject Requests or other enquiries relating to this DPA without responding to such requests or enquiries unless expressly otherwise instructed by the Client.

5. FURTHER OBLIGATIONS OF GMS

5.1 GMS shall maintain a written record of all categories of processing activities carried out on behalf of a Client in accordance with Art. 30 par. 2 GDPR.

5.2 GMS shall reasonably assist the Client in relation to:

(a) preparation of the records of processing activities in accordance with Art. 30 GDPR in relation to the Processing under this DPA and shall immediately upon request provide the Client with any information required for this purpose in a format reasonably requested by the Client;

(b) data protection impact assessments (DPIA) in accordance with Art. 35 GDPR; and

(c) any requests or consultations with the responsible Supervisory Authority.

5.3 GMS shall ensure that any personnel undertaking or involved in the Processing under this DPA are properly qualified and trained and have committed themselves to keep Client Personal Data confidential or are under an appropriate statutory obligation of confidentiality in accordance with applicable laws which shall survive termination of this DPA.

5.4 If required, GMS has appointed a data protection officer.

6. SUB-PROCESSING

6.1 GMS shall be authorized to engage other Processors in relation to the Contract Data Processing ("Sub-Processor") only in accordance with and to the extent permitted by applicable laws.

6.2 Any engagement of a Sub-Processor requires prior documented consent of the Client which shall not be unreasonably withheld.  The Client hereby consents to GMS continuing to use any of GMS’s Affiliates and all Sub-Processors already engaged by GMS as at the date of this Addendum (a full list is available on request by contacting the GMS data protection officer).  The Client shall promptly take any reasonable action required or appropriate to facilitate or support any transfer of Client Personal Data to approved Sub-Processors (e.g. updating registrations with Supervisory Authorities). 

6.3 GMS shall provide a mechanism to subscribe to notifications of new Sub-Processors, to which the Client shall subscribe, and if the Client subscribes, GMS shall provide notification of any new Sub-Processor.  If, within two weeks of receipt of any such notice, the Client notifies GMS in writing of any objections to the proposed appointment for legitimate reasons GMS shall work with the Client in good faith to take reasonable measures to address the objections raised by the Client and where such a measures cannot be agreed within three weeks from GMS's receipt of the Client's notice, notwithstanding anything in the GMS Services Agreement, the Client may by written notice to GMS with immediate effect terminate the GMS Services Agreement to the extent that it relates to the Contract Services which require the use of the proposed Sub-Processor.  ‘Legitimate reasons’ shall be deemed given if there is an indication based on objective facts which reasonably support the assumption that the engagement of the Sub-Processor would breach applicable law or this DPA.

6.4 Where GMS engages a Sub-Processor for carrying out specific processing activities on behalf of the Client, GMS shall enter into a written agreement with the Sub-Processor which includes terms which offer at least the same level of protection for Client Personal Data as those set out in this DPA and meet the requirements of Art. 28 par 3 GDPR.  The agreement with the Sub-Processor shall include a direct audit right for the Client or other appropriate audit mechanisms (e.g. third-party audits or audits conducted by GMS on behalf of the Client).

6.5 GMS shall conduct regular audits as required under applicable law to ensure that the Sub-Processor complies with the Data Security Standards, applicable laws and its other contractual obligations.

6.6 In case of non-compliance of the Sub-Processor with its contractual obligations relating to Client Personal Data, GMS shall remain fully liable to the Client for any damages caused by such non-compliance and shall indemnify and hold harmless the Client against any claims or damages in connection with or resulting from the engagement of the Sub-Processor.

7. RESTRICTED TRANSFERS

7.1 The Parties will immediately upon reasonable request of either Party and prior to commencement of any Restricted Transfer (i) enter into the standard clauses set forth in the Commission Decision dated February 5, 2010 (2010/87/EU) and/or (ii) enter into or establish any other appropriate instruments or undertakings required under applicable law to effect such Restricted Transfer without breach of such applicable law.  If so required by applicable law, GMS shall cause any Sub-Processor to enter into such instruments or undertakings directly with the Client or shall enter into such instruments or undertakings with the Sub-Processor in the name and on behalf of the Client based on an appropriate Power of Attorney to be issued by the Client promptly upon request of GMS.

7.2 "Restricted Transfer" means any transfer of Client Personal Data by or to any of the Parties or a Sub-Processor which would be prohibited by applicable law in the absence of the instruments or undertakings referred to in Section 7.1 above.

7.3 When processing Client Personal Data outside of the territory of the European Union or the EEA or engaging in any act or practice regarding Client Personal Data where that act or practice is subject to data protection laws in jurisdictions outside the territory of the European Union or EEA, GMS shall comply with those data protection laws, and in particular will provide appropriate safeguards to ensure an adequate level of data protection in accordance with Art. 44 et seq GDPR.

8. INSPECTIONS AND AUDITS

8.1 Upon request, GMS shall make available to the Client all information necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits in relation to the Processing of Client Personal Data, including inspections of the data-processing facilities of GMS, by the Client or an auditor mandated by the Client, to the extent required by applicable law and in accordance with this Section 8. 

8.2 Upon the Client’s request in writing, GMS shall provide the Client with a summary of the results of its latest internal data security audit.  In addition, GMS will, upon Client's request and not more than once each year, participate in a written information security questionnaire process of the Client evaluating GMS’s compliance with the Data Security Standards. 

8.3 Information and audit rights of the Client under Section 8.1 shall only arise under this Section if and to the extent that (i) the GMS Services Agreement does not otherwise provide for information and audit rights meeting the relevant requirements of applicable law (including Art. 28 par. 3(h) GDPR) and (ii) the information provided under Section 8.2 is not sufficient for the Client to comply with its inspection and audit obligations under applicable law.

8.4 The Client shall give GMS at least three (3) weeks' notice of any audit or inspection to be conducted and shall avoid causing any damage, injury or disruption to GMS's premises, equipment, personnel and business.  GMS need not give access to its premises for the purposes of such an audit or inspection:

(a) to any individual unless he or she produces reasonable evidence of identity and authority;

(b) for the purposes of more than one audit or inspection in any calendar year, except for any additional audits or inspections which the Client is requested to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of applicable laws.

8.5 In the event that the Client identifies any deficiencies or irregularities related to the Processing of Client Personal Data, GMS will discuss such findings with the Client and the Parties shall work together to develop a mutually agreeable remediation plan.  If and to the extent applicable law specifically requires, or will require, changes to the preceding or additional audit rights to be granted to the Client, this DPA shall be construed and/or amended in a way that it complies with such additional requirements.  GMS shall immediately inform Client, if in its opinion, an instruction pursuant to this Section infringes any EU Data Protection laws or other EU or Member State data protection provisions (Art. 28 par. 3 GDPR).

8.6 No documentation or information may be copied, shared, transmitted or removed from GMS's premises, except as mutually agreed or required by applicable law.  Any non-public documentation and information disclosed to the Client in accordance with this Section shall be deemed proprietary and confidential information of GMS.  The Client shall not disclose such documentation or information to any third party or use it for any purpose other than evaluating GMS’s compliance with the Data Security Standards.


9. PERSONAL DATA BREACHES AND INCIDENTS

9.1 The Parties are aware that applicable law may impose a duty on the Client to inform the competent Supervisory Authority and the Data Subject in the event of Personal Data Breach affecting Client Personal Data.  Such incidents must therefore be notified to the Client, regardless of their origin.  GMS shall promptly notify the Client of any technical, organisational or other incidents (including incidents at Sub-Processors) which have resulted or may result in a Personal Data Breach in the sense of Art. 33 par. 1 GDPR affecting Client Personal Data ("Data Security Incident").  Data Security Incidents include in particular, but are not limited to, the following:

(a) any actual or suspected unauthorized access, disclosure, loss, download, theft, blocking, encryption or deletion by malware or other unauthorized action in relation to Client Personal Data by unauthorized third parties;

(b) any actual or suspected operational incidents which have an impact on the Processing of Client Personal Data;

(c) any actual or suspected breach of this DPA or applicable law by GMS, its employees or agents to the extent that such breach affects the integrity and security of Client Personal Data or materially adversely impacts GMS's obligations under this DPA; or

(d) any legally binding request for disclosure or seizure of Client Personal Data by a law enforcement or other public authority unless GMS is prohibited by statutory law to notify such incident to the Client.

9.2 GMS's notification of a Data Security Incident to the Client must be comprehensive and include in particular any information required under Art. 33 par. 3 GDPR and/or required by applicable laws.

9.3 Notification must be made by email to the contact specified in the GMS Services Agreement and, where the Client has provided GMS with relevant contact details, the Client’s Data Protection Officer.

9.4 In the event that GMS is required under applicable law to notify a Data Security Incident to a Supervisory Authority or other authority, the Data Subjects concerned or any other third parties (e.g. if the Data Security Incident results in a Personal Data Breach for which GMS is itself responsible as Controller), GMS shall, to the extent permitted under applicable law and reasonably possible, liaise and coordinate with the Client prior to making such notification.  The Parties shall use their best efforts to agree on a joint approach with a view to prevent any contradicting or inconclusive notifications.  This includes providing each other with the details of any notification and the date and time on which notification will be made.

9.5 In the event of a Data Security Incident, GMS shall promptly take any measures required and appropriate under applicable law and technical standards to restore the confidentiality, integrity and availability of the Client Personal Data and the resilience of the processing systems and services and to mitigate the risk of harm and/or any detrimental consequences for the Data Subjects affected or potentially affected by the Data Security Incident.

9.6 The Parties shall use best efforts to support each other in the event of any audits, enquiries, investigations or other proceedings initiated by a Supervisory Authority or any other public body in relation to the Contract Data Processing.  To the extent permitted under applicable law, either Party shall immediately notify the other Party of such proceedings.

10. COSTS OF PROCESSING SERVICES

10.1 Unless expressly provided otherwise herein or in the GMS Services Agreement, the Client shall promptly upon being invoiced by GMS compensate GMS for any costs and expenses reasonably incurred and required in rendering the Processing Services hereunder (i.e. services which go beyond the Contract Services and which are not based on statutory obligations of GMS). 

10.2 The preceding shall not apply to any immaterial non-recurring costs which the Parties may reasonably expect to be covered by the fees and charges payable under the GMS Services Agreement.  For the avoidance of doubt, this does not include any Processing Services provided in accordance with Sections 4 - 8.

11. CLIENT'S OBLIGATIONS

11.1 The Client shall promptly take any action required to comply with its own obligations under applicable law in relation to the Processing of Client Personal Data hereunder (e.g. effect any required notification of Data Subjects).

11.2 The Client warrants that (i) it is entitled to engage and to provide the Client Personal Data to GMS and (ii) the Processing of the Client Personal Data, provided that GMS complies with applicable laws and the provisions of this DPA, does not infringe any third-party rights.

12. RETURN AND DELETION OF CLIENT PERSONAL DATA

12.1 Upon termination of the GMS Services Agreement or any time upon request of the Client, GMS shall promptly delete and procure the deletion of all copies of Client Personal Data.  If and to the extent a deletion is not reasonably practicable, GMS shall ensure that the Client Personal Data concerned are anonymized or permanently blocked and protected against unauthorized access, disclosure or use.  The Client may in its absolute discretion by written notice require GMS to return a complete copy of all Client Personal Data to the Client by secure file transfer in such format as is reasonably notified by the Client to GMS.  GMS shall comply with any such written request.

12.2 GMS may retain Client Personal Data to the extent required by applicable law and only to the extent and for such period as required by applicable law and always provided that GMS shall ensure that such retained Client Personal Data is (i) kept confidential and protected against unauthorized access, disclosure or use and (ii) only Processed as necessary for the purpose(s) specified in the applicable law requiring its storage and for no other purpose.

12.3 Upon written request of the Client, GMS shall provide written certification to the Client that it has fully complied with this Section.

13. BREACH OF THIS DPA

In the event of a breach of this DPA, the relevant provisions of the GMS Services Agreement shall apply.

14. AMENDMENT FOR DATA PROTECTION COMPLIANCE

14.1 Either Party may, with at least two weeks' written notice to the other Party, from time to time propose any amendments to this DPA which such Party reasonably considers to be necessary to address the requirements of applicable law.  If any Party gives such notice, the Parties shall promptly co-operate (and ensure that any affected Sub-Processors promptly co-operate) to ensure that appropriate amendments are made to address the requirements identified in the notice as soon as is reasonably practicable.

14.2 In the event of any changes of applicable law or guidance by a Supervisory Authority or any specific instructions or orders by a Supervisory Authority in relation to this DPA, the Parties shall promptly amend this DPA as reasonably required and appropriate to ensure compliance with such changed legal requirements.

15. LIST OF DEFINITIONS

"Admissible Purpose" has the meaning assigned in Section 2.1.

"Affiliate" means any legal entity directly or indirectly controlling or controlled by or under direct or indirect common control with the specified entity. "Control", for the purposes of this definition, means the power to direct the management and policies of such entity, directly or indirectly, whether through the ownership of voting securities, by contract (including franchise or trademark license agreement) or otherwise.

"Client" means the entity that has entered into a GMS Services Agreement with GMS and, for the purposes of this DPA only, and except where indicated otherwise, includes the Client’s Affiliates. 

"Client Personal Data" means any Personal Data processed by GMS on behalf of the Client pursuant to or in connection with a GMS Services Agreement.

"Contract Data Processing" has the meaning assigned to the term in the Background Section.

"Contract Services" has the meaning assigned to the term in Section 2.1.

"Data Security Incident" has the meaning assigned to the term in Section 9.1.

"Data Security Standards" has the meaning assigned to the term in Section 3.1.

"Data Subject Requests" has the meaning assigned to the term in Section 4.1.

"DPA" has the meaning assigned in the Background Section.

"EEA" means the European Economic Area.

"GMS" means Global Management Services, Inc., i.e., the entity which is a party to the GMS Services Agreement and, to the extent any Affiliate of the aforementioned entities processes Personal Data on behalf of the Client in the territory of the European Union of the EEA, "GMS" shall mean and include that Affiliate.

"GDPR" has the meaning assigned to the term in Section 1.

"Processing Services" has the meaning assigned to the term in Section 2.1.

"Sub-Processor" has the meaning assigned to the term in Section 6.1.

"Third Country" means the countries which are not a member of the EU or EEA and have not been recognized by the European Commission as providing an adequate level of Personal Data protection. The countries that have been so recognized include, as of November 2017, Andorra, Argentina, Canada, Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay.

"GMS Services Agreement" has the meaning assigned in the Background Section.

16. FINAL PROVISIONS

16.1 Order of precedence.   This DPA varies the terms of the GMS Services Agreement and the provisions of this DPA are incorporated into and form part of the GMS Services Agreement as if set out in the GMS Services Agreement in full.  In the event of any conflict or inconsistency, the provisions of this DPA shall take precedence over the provisions of the GMS Services Agreement.  Otherwise, the provisions of the GMS Services Agreement shall remain in full force.

16.2 Written form.   No change of or amendment to this DPA and any of its terms shall be valid and binding unless made in writing and unless they make express reference to being a change or amendment to this DPA.  The foregoing shall also apply to the waiver of this mandatory written form.

16.3 Severance.   Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.  This shall apply accordingly in the event of any unintended gaps.

Annex 2.2

Purpose of the Processing, Duration of the Processing, Categories of Client Personal Data and Data Subjects Concerned by the Processing

1. PURPOSE OF PROCESSING

Any Processing hereunder will be performed exclusively for the purpose of executing the GMS Services Agreement (limitation of admissible purpose).

2. DURATION OF PROCESSING

The duration (term) of this DPA is equal to the term of the GMS Services Agreement and this DPA shall terminate automatically when the GMS Services Agreement terminates, with the exception of any provisions intended to survive termination hereof or the GMS Services Agreement.  Any right to terminate this DPA separately prior to such termination date shall be excluded to the extent permitted by applicable law.

3. CATEGORIES OF CLIENT PERSONAL DATA

• Traveler Profile Data.   Name, residential address, telephone number, email, job title, office location, employee number, passport and visa information (including date of birth, nationality, place of birth, passport number and expiry date), driving license number and information, mileage and frequent flyer/guest card numbers.

• Passenger Name Record (“PNR”) Data.   Traveler Profile Data processed in PNR format associated with reservation data, including flight dates and routings, flight numbers, hotel reservations, car rental bookings, rail bookings, ticketing information, authorization solutions and travel risk management.     

• Payment Data.   Credit/debit card details and bank details (if required under the payment arrangements in the GMS Services Agreement).

 Dietary and Special Assistance Information.   Provided in connection with travel arrangements (such as meal requests or special assistance requirements) which potentially concern health or indicate religious belief.

 Emergency Contact Details.   Name and telephone number of travelers’ partners/emergency contacts.

4. CATEGORIES OF DATA SUBJECTS CONCERNED

• Employees, agents and contractors (“Personnel”) of the Client and the Client’s Affiliates.

• Emergency contacts and/or partners of the Client’s Personnel and the Client’s Affiliates’ Personnel.

Annex 3.2

DATA SECURITY STANDARDS

1. DATA SECURITY GOVERNANCE

GMS maintains internal organizational and governance procedures to appropriately manage information throughout its lifecycle.  GMS regularly tests, assesses and evaluates the effectiveness of its Data Security Standards.

2. PHYSICAL ACCESS CONTROL

GMS uses a variety of measures to prevent unauthorized access to the physical premises where Personal Data are processed.  Those measures include:

• Centralized key and code management, card-key procedures

• Batch card systems including appropriate logging and alerting mechanisms

• Surveillance systems including alarms and, as appropriate, CCTV monitoring

• Receptionists and visitor policies

• Locking of server racks and secured equipment rooms within data centers

3. VIRTUAL ACCESS CONTROL

GMS implements appropriate measures to prevent its systems from being used by unauthorized persons. This is accomplished by:

• Individual, identifiable and role-based user account assignment

• Role-based and password protected access and authorization procedures

• Centralized, standardized password management and password policies (minimum length/characters, change of passwords)

• Deactivation of user accounts after 5 failed login attempts

• Automatic log-off in case of inactivity

• Anti-virus management

4. DATA ACCESS CONTROL

Individuals that are granted use of GMS systems are only able to access the data that are required to be accessed by them within the scope of their responsibilities and to the extent covered by their respective access permission (authorization) and such data cannot be read, copied, modified or removed without specific authorization. This is accomplished by:

• Authentication at operating system level

• Separate authentication at application level

• Authentication against centrally-managed authentication system

• Segregation of duties and authorizations between users, administrators and system developers

• Change control procedures that govern the handling of changes (application or OS) within the environment

• Remote access only via VPN including appropriate authorization and authentication

• Logging of system and network activities to produce an audit-trail in the event of system misuse

5. DISCLOSURE CONTROL

GMS implements appropriate measures to prevent data from being read, copied, altered or deleted by unauthorized persons during electronic transmission and during the transport of data storage media. GMS also implements appropriate measures to verify to which entities’ data are transferred. This is accomplished by:

• Data transfer protocols including encryption for data carrier/media

• Profile set-up data transfer via Secure File Transfer Protocol

• Encrypted VPN

• No physical transfers of backup media

6. DATA ENTRY CONTROL

GMS implements appropriate measures to monitor whether data have been entered, changed or removed (deleted), and by whom. This is accomplished by:

• Documentation of administration activities (user account setup, change management, access and authorization procedures)

• Archiving of password-reset and access requests

• System log-files enabled by default

• Storage of audit logs for defined periods of time for audit trail analysis

• Centralization of audit logs to correlate incidents cross-system

7. INSTRUCTIONAL CONTROL

GMS implements appropriate measures to ensure that data may only be processed in accordance with the instructions of the Client. Those measures include:

• Binding policies and procedures on GMS employees

• Where sub-processors are engaged in the processing of data, including appropriate contractual provisions to the agreements with sub-processors to maintain instructional control rights

8. AVAILABILITY CONTROL

GMS maintains appropriate levels of redundancy and fault tolerance for accidental destruction or loss of data, including:

• Extensive and comprehensive backup and recovery management systems

• Documented disaster recovery and business continuity plans and systems

• Storage and archive policies

• Anti-virus, anti-spam and firewall systems and management including policies

• Data centers are appropriately equipped according to risk, including physically separated back up data centers, uninterruptible power supplies (backup generators), fail redundant hardware and network systems and alarm and security systems (smoke, fire, water)

• Network built to N+1 redundancy levels throughout

• Server clustering used in most applications to protect against hardware failures

• Mirror of hard disks is used in all systems (e.g., RAID), in both local storage and SAN-based storage environments

• On-site UPS systems provide uninterrupted power to platforms and on-site generator systems provide long-term power in the event of a prolonged outage

• All critical systems have fail-redundant services running in parallel in the secondary data center.

9. SEPARATION CONTROL

GMS implements appropriate measures to ensure that data that are intended for different purposes are processed separately. This is accomplished by:

• Access request and authorization processes provide brand-client data separation (logical application-based segregation)

• Separation of functions (productions/testing)